Today, IBM is announcing a new generation of features in support of cryptography and Local Area
Networks (LANs). This refresh of technology for an on demand world demonstrates IBM's commitment to
a balanced system design, helping to satisfy the requirements of your growing applications.

A new cryptographic feature, Crypto Express2, is being introduced to continue to help satisfy your
high-end security requirements and to help balance the workload generated by your applications.

New Gigabit Ethernet features, designed to deliver line speed, are being made available, as is 10
Gigabit Ethernet  a new member of the Ethernet family for use in your enterprise backbone,
between campuses, to connect server farms to your zSeries® 890 and 990, and to consolidate file
servers onto zSeries 890 and 990.

Today IBM is also announcing that the zSeries 990 has received the Common Criteria Evaluation
Assurance Level 5 (EAL5) certification for the security of its logical partitions (LPARs). The
z990, along with the z900 and z800, continues the zSeries leadership as currently the only servers
to achieve this prestigious assurance level for partitioning as of August 2004.

Planned availability dates

The following is planned to be available September 24, 2004, on zSeries:

GDPS/PPRC Multiplatform Resiliency for zSeries

The following is planned to be available October 29, 2004:

Additional z800 to z890 upgrade paths

The following features and functions are planned to be available October 29, 2004, on z890
and z990:

Cryptographic support for 19-digit Personal Account Numbers (PANs) on PCIXCC

ICSF support of 19-digits PANs on PCIXCC is planned to be available December 17, 2004, via
the ICSF Virtual Support for z/OS® and z/OS.e V1.6 Web deliverable.

Less than 512-bit keys for clear key RSA operations on PCIXCC

FICON purge path extended

TCP/IP stack utilization improvement for OSA-Express

Layer 2 support for OSA-Express

z/VM® V5.1 Layer 2 support for OSA-Express is planned to be available December 3, 2004.

CFCC level 14 with CFCC Dispatcher Modifications

On/Off CoD test

Extended staging of CIU-Express and On/Off CoD orders

The following features are planned to be available October 29, 2004, on S/390® G6
servers and zSeries (z800, z900, z890, z990):

TKE 4.2 code (#0853)

TKE 4.2 Smart Card Reader (#0887)

TKE 4.2 additional Smart Cards (#0888)

The following is planned to be available October 29, 2004, on z800 and z900:

2048-bit key RSA operations for PCICC (#0867)

The following features and functions are planned to be available January 28, 2005, on z890
and z990:

Crypto Express2 (#0863)

Cryptographic support for 19-digit PANs on Crypto Express2

Less than 512-bit keys for clear key RSA operations on Crypto Express2

OSA-Express2 offerings

Gigabit Ethernet SX (#3365) and LX (#3364)

10 Gigabit Ethernet LR (#3368)

Layer 2 support

640 TCP/IP stacks

Large send support

Concurrent LIC update

The following features and functions are planned to be available in the z/VM V5.1 environment
January 28, 2005:

Crypto Express2

OSA-Express2

Layer 2 support for OSA-Express2

640 TCP/IP stacks for OSA-Express2

TCP/IP stack utilization improvement for OSA-Express

The zSeries 890 and 990 advantage

IBM continues to demonstrate the viability of its zSeries platform with the fourth announcement of
new function on zSeries 990 (first introduced in May 2003) and the second announcement of new
function on zSeries 890 (first introduced in April 2004).

Today, IBM is introducing Crypto Express2, combining the functions of the PCI Cryptographic
Accelerator and the PCIX Cryptographic Coprocessor in one feature, and at the same time introducing
several new functions. New Gigabit Ethernet features with enhanced functions are also being
introduced along with 10 Gigabit Ethernet for your enterprise backbones and server farms.

This refresh of technology may help to satisfy the server consolidation connectivity requirements of
on demand businesses.

zSeries 990 achieves prestigious EAL5 certification

Facilitating server consolidation
: The IBM zSeries 990 has
received the Common Criteria Evaluation Assurance Level 5 (EAL5) certification for the security
of its logical partitions (LPARs). The z990's logical partitioning was evaluated against the ISO
15408 Common Criteria standard, recognized in the global IT market. The z990, along with the z900
and z800, continues the zSeries leadership as currently the only servers to achieve this prestigious
assurance level for partitioning as of August 2004.

EAL5 certification provides a high degree of assurance that Processor Resource/Systems Manager
(PR/SM) may be configured and used in environments where separation of workloads is a
requirement, but where the use of a single server platform is desirable for reasons of economy,
flexibility, security, or management.

PR/SM is designed to prevent the flow of information among logical partitions, providing highly
secure isolation. This isolation allows images of zSeries supported operating systems, including
z/OS, z/VM, and Linux on zSeries, to run in different logical partitions on a single zSeries
server.

The z990 EAL5 certification demonstrates that the zSeries server continues to be an essential
building block for the integration of on demand business applications as well as traditional
corporate workloads on a single server. The z890 is designed to offer many of the features and
functions of the z990 and is currently under evaluation for EAL5 certification.

Crypto Express2 for on demand business and security

In December 2000, IBM delivered the PCI Cryptographic Coprocessor (PCICC), followed by the PCI
Cryptographic Accelerator (PCICA) in October 2001. The PCIX Cryptographic Coprocessor (PCIXCC)
feature was made available in September 2003. With this announcement, the functions of the
PCICA and PCIXCC features are being delivered in one feature,
Crypto Express2
. Like its predecessors, the Crypto Express2 feature has been designed to satisfy high-end server
security requirements.

The Integrated Cryptographic Service Facility (ICSF), a component of z/OS and z/OS.e, is designed to
transparently use the available cryptographic functions  the CP Assist for Cryptographic Function
(CPACF) as well as the PCICA, PCIXCC, and Crypto Express2 features  to balance the workload and
satisfy the requirements of the applications.

The Crypto Express2 feature is designed for Federal Information Processing Standard (FIPS) 140-2
Level 4 Certification and has two coprocessors for improved system throughput. A performance
benefit is expected with multitasking applications. A performance benefit may not be realized with
single-threaded applications, which can utilize only one of the two coprocessors.

The Crypto Express2 feature supports the following:

Consolidation and simplification via a single cryptographic coprocessor feature on z890 and z990.

Integration of functions previously supported by the PCICA and PCIXCC features in Crypto Express2.

Up to a maximum of eight features per server (16 coprocessors; two coprocessors per feature). The
combined maximum of PCICA (#0862), Crypto Express2 (#0863), and PCIXCC (#0868) cannot exceed eight
features per server.

Compute-intensive public key cryptographic functions designed to help reduce CP utilization and
increase system throughput.

All of the new functional enhancements that were announced in April 2004, namely PKE, PKD,
DUKPT, and EMV2000. Refer to Hardware Announcement
104-115
, dated April 7, 2004, and Hardware Announcement
104-117
, dated April 7, 2004.

All logical partitions (LPARs) in all Logical Channel Subsystems (LCSSs) have access to the Crypto
Express2 feature, up to 30 LPARs per feature. While it occupies an I/O slot it does not use Channel
Path Identifiers (CHPIDs).

The Crypto Express2 feature replaces the PCICA and PCIXCC features, is exclusive to z890 and z990,
and is supported by z/OS, z/OS.e, z/VM, VSE/ESA, and Linux on zSeries. z/VM, VSE/ESA, and Linux
on zSeries offer support for clear key SSL transactions only. Refer to the
Standards
section and to the
Hardware requirements
and
Software requirements
sections. Refer also to the
Special features
section of the
Sales Manual
on the Web for further information.

Cryptographic support for 19-digit PANs:
Crypto Express2 and PCIXCC now offer CVV generation and verification
services for 19-digit PANs:
Industry practices for use of the Card Validation Value (CVV) are moving
to base CVV computations on a 19-digit Personal Account Number (PAN)
instead of the 13-digit and 16-digit PANs currently in use and supported
by ICSF and the PCIXCC feature. ICSF, Crypto Express2, and PCIXCC now
support use of a 19-digit PAN in the CVV generation and verification
services (CSNBCSG and CSNBCSV respectively).

Support of CVV generation and verification services for 19-digit PANs, an
anti-fraud security feature, is supported by the Crypto Express2 and
PCIXCC features on z890 and z990 and by z/OS and z/OS.e. Refer to the
Hardware requirements
and
Software requirements
sections for further information.

Enabling use of less than 512-bit keys for clear key RSA operations:
The Crypto Express2 and PCIXCC features are designed to support applications that require clear
key RSA operations using keys less than 512 bits, including ICSF Callable services and their
corresponding verbs: Digital Signature Verify (CSNDDSV), Public Key Encrypt (CSNDPKE), and Public
Key Decrypt (CSNDPKD). All other ICSF Callable services that require a Crypto Express2 or PCIXCC
feature continue to require keys of more than 511 bits. Enabling the lower limit for clear key RSA
operations may allow the migration of some additional cryptographic applications to z890 and z990
servers without requiring the applications to be rewritten.

Support of applications that require clear key RSA operations using keys less than 512 bits applies
to the Crypto Express2 and PCIXCC features, to z890 and z990, and is supported by z/OS, z/OS.e, and
z/VM. Use of less than 512-bit keys for clear key RSA operations is currently available on the
PCICC feature offered on z900 and z800. Refer to the
Hardware requirements
and
Software requirements
sections for further information.

2048-bit key RSA operations for PCICC on z800, z900

2048-bit key (clear and secure) RSA operations capability for z800 and z900 servers, in support of
new Automated Teller Machine (ATM) standards, is planned to be available via 2048-bit key RSA
operations for the PCICC (#0867) feature. 1024-bit key RSA operations is available today via a
Functional Control Vector (FCV) on the PCI Cryptographic Coprocessor (PCICC) Enablement diskette
(#0865). This capability is unique to PCICC and does not apply to the CMOS Cryptographic
Coprocessor Facility (CCF).

The 2048-bit FCV is designed to support four ICSF services:

Public Key Decrypt

Symmetric Key Import

Symmetric Key Export

Symmetric Key Generate

Applications that require 2048-bit key RSA operations are expected to be able to migrate with ease.

2048-bit key RSA operations support for the PCICC features on z800 and z900 is transparent to the
hardware and is supported by z/OS, z/OS.e, z/VM, and Linux on zSeries. z/VM and Linux on zSeries
offer support for clear key RSA operations only. Refer to the
Software requirements
section for further information. This is an integrated capability on the Crypto Express2 and PCIXCC
features on z890 and z990. There is no unique feature.

TKE 4.2 Smart Card Reader for security and convenience

TKE 4.2 workstation with Smart Card Reader support:
The Trusted Key Entry (TKE) workstation with the 4.2 level of Licensed Internal Code is an
optional feature of the zSeries that provides a secure key management system. The key management
system provides authorized persons a method of key identification, exchange, separation, update, and
management.

Support for an optional Smart Card Reader attached to the TKE 4.2 workstation allows the use of
smart cards, which resemble credit cards in size and shape, but contain an embedded microprocessor
and associated memory for data storage. Access to and the use of confidential data on the smart
cards are protected by a user-defined personal identification number (PIN).

The TKE 4.2 Smart Card Reader feature (#0887) has four major functions:

Storing ICSF key parts, specifically master and operational key parts

Storing 4758 PCI Cryptographic Coprocessor master key parts

Generating, storing, and using a TKE authority signature key pair

Generating, storing, and using a 4758 logon key pair

For example, the smart card is able to store one or more 4758 PCI Cryptographic Coprocessor master
key parts. The parts are stored in the "clear" on the smart card. The master key parts are
generated by the 4758 PCI Cryptographic Coprocessor within the TKE workstation and are transferred
to the smart card for storage and later read back to the 4758 for processing. The master key parts
are encrypted, for added security, during transport between the smart card and the 4758.

The TKE 4.2 Smart Card Reader support does not remove any of the mechanisms available in the current
TKE LIC. That is, with the smart card support, it is still possible to store key parts on diskettes
or paper, or to use a TKE authority key stored on a diskette, and to log on to the 4758 using a
passphrase.

The following optional features are associated with the TKE 4.2 workstation Smart Card Reader
support:

TKE 4.2 code (#0853)

TKE 4.2 Smart Card Reader (#0887)

TKE 4.2 additional Smart Cards (#0888)

The optional Smart Card Reader, which can be attached to a TKE workstation with the 4.2 level of
LIC, is available on S/390 G6 servers as well as zSeries 800, 900, 890, and 990. Currently
installed TKE workstations can be upgraded to the TKE 4.2 code to allow use of the Smart Card
Reader.

Support for an optional Smart Card Reader attached to a TKE workstation satisfies the Statement of
General Direction in Hardware Announcement
103-142
, dated May 13, 2003.

TKE 4.2 code:
The TKE 4.2 level of LIC (#0853) includes support for the Smart Card Reader. The TKE 4.2 code
is designed to provide a secure local and remote method of operational and master key entry. The
TKE 4.2 code applies to the TKE workstation and is available on S/390 G6 servers as well as zSeries
800, 900, 890, and 990. Currently installed TKE workstations can be upgraded to the TKE 4.2 code to
allow use of the Smart Card Reader.

FICON Express enhancements for Storage Area Networks

Preview  FCP LUN Access Control:
IBM zSeries is previewing Fibre Channel Protocol (FCP) Logical Unit Number (LUN) Access
Control, which is designed to provide host-based control of access to storage controllers and their
devices as identified by their LUNs. It can allow read-only sharing of FCP SCSI devices among
multiple operating system images.

If a host channel is shared among multiple operating system images, the access control mechanism
would provide for either none or all of these images to have access to a particular storage
controller or device (logical unit).

FCP LUN Access Control will allow you to define, via an access control table, individual access
rights to storage controller ports and devices for each operating system image. A system
configuration using FCP LUN Access Control may significantly reduce the number of FCP channels
(FICON Express features) that are needed to provide controlled access to the data on FCP SCSI
devices. FCP LUN Access Control complements the zoning and LUN masking schemes that exist in open
storage environments. All of these types of access control can be used together.

FCP LUN Access Control will allow read-only sharing of FCP SCSI devices among multiple operating
system images via a shared FCP Channel. A device to be used in shared read-only mode must be
defined accordingly in the access control table.

Configuration Utility:
The Configuration Utility for FCP LUN Access Control is expected to be a Linux user space
application which will be used to configure the FCP LUN Access Control.

To define and activate LUN Access Control, you would create an access control table that describes
the access rights in XML format. In this table, you would define access rights to storage
controllers and devices in the SAN and identify devices to be shared in read-only mode.

The Configuration Utility for FCP LUN Access Control is expected to be required to process the
access control table, verify proper specification of the rules, and activate the access control
functions in the FCP channel.

The Configuration Utility for FCP LUN Access Control is planned to be a package consisting of user
documentation and sample files with a skeleton to help you generate an XML-format access control
table, and the utility program itself. The program is intended to provide a command line interface
(CLI) and be supported by Linux on zSeries.

It is expected that the Configuration Utility will be provided for download by registered users via
Resource Link

When available, FCP LUN Access Control will be supported by the FICON
Express features when configured as CHPID type FCP, will be exclusive to
z890 and z990, and is planned to be available in the z/VM and Linux on
zSeries environments. Refer to the
Hardware requirements
and
Software requirements
sections for further information. This statement represents IBM's current intentions. IBM
development plans are subject to change or withdrawal without further notice.

IBM zSeries is interested in obtaining customers to participate in an Early Support Program (ESP) to
exploit the FCP LUN Access Control function on a z990 or z890. If you have an interest in
participating, contact Kathy Kulchock at 845-433-3028, or kathyk@us.ibm.com. All inquiries should
be received by November 15, 2004, to be considered for this program. Responses to this notice do
not imply a commitment to be a participant in this ESP, but rather allow you to be considered for
selection.

FICON purge path error-recovery function is extended so that it transfers error-related data and
statistics between the channel and entry switch, and from the control unit and its entry switch to
the host operating system.

z/OS can now record this information so that it can be used to more quickly isolate the source of
link-related errors by both channel and control unit field personnel.

FICON purge path extended applies to the FICON Express features when configured as CHPID type FC
(native FICON), is exclusive to z890 and z990, and is supported by z/OS and z/OS.e. Refer to the
Hardware requirements
and
Software requirements
sections for further information.

Hardware withdrawal  ESCON® Director Model 5 and features

On April 7, 2004, IBM announced the hardware withdrawal from marketing of the IBM ESCON
Director Model 5 (9032-005) and all of its associated features, including the Bridge card which
enables ESCON control units to be attached to FICON channels on Generation 5 and beyond servers.

After December 30, 2004, orders for the ESCON Director and all of its associated features
will no longer be accepted. It is highly recommended that you evaluate your current and future
requirements prior to the final order acceptance date.

It is recommended that each ESCON Director has a console, other than the Hardware Management Console
(HMC), to perform operator and service tasks. If you do not have a console, you may order a console
(#5900) prior to December 31, 2004.

OSA-Express2  A new generation for LANs

IBM is introducing a new generation of OSA-Express Gigabit Ethernet features, as well as a 10
Gigabit Ethernet feature. This refresh of technology, OSA-Express2, can help to satisfy the
bandwidth demands of your applications. Like their predecessors, the OSA-Express2 features continue
to be hot-pluggable, support the Multiple Image Facility (MIF)  sharing of channels across
logical partitions (LPARs), and can be defined as a spanned channel to be shared among LPARs within
and across LCSSs. Whether OSA-Express2 or OSA-Express, the total number of features per server is
20 on z890, and 24 on z990. The Gigabit Ethernet features each have two ports and the 10 Gigabit
Ethernet LR (Long Reach) feature has one port.

Also like the predecessor features, OSA-Express2 GbE and 10 GbE support the direct SNMP subagent,
all of the SNMP enhancements previously announced, Virtual Local Area Networks (VLANs  IEEE
802.1q), Internet Protocol Version 4 (IPv4), and IPv6. The OSA-Express2 features support all
of the functions previously announced for the QDIO mode (CHIPD type OSD). Refer to the z890 and
z990
Software requirements
section of the
Sales Manual
on the Web and to the January 28, 2005, update to the
z890 and z990 Open Systems Adapter-Express Customer's Guide and Reference
(SA22-7935).

OSA-Express2 Gigabit Ethernet:
The third generation of Gigabit Ethernet features is designed to deliver line speed, 1 Gbps in
each direction, and support the following new functions (described in more detail later in this
section).

Layer 2

640 TCP/IP stacks per CHPID

Large send, for TCP/IP traffic and CPU efficiency, offloading the TCP segmentation processing from
the host TCP/IP stack

Concurrent LIC update

OSA-Express2 GbE continues to operate in QDIO mode only (CHPID type OSD), supporting full duplex
operation, and jumbo frames (8992 byte frame size). The new OSA-Express2 GbE features continue to
be dual-port features occupying a single I/O slot, and utilize one CHPID per port (two CHPIDs per
feature). The new OSA-Express2 Gigabit Ethernet SX (short wavelength) (#3365) and OSA-Express2
Gigabit Ethernet LX (long wavelength) (#3364) features replace the OSA-Express Gigabit Ethernet
features (#1364, #1365) currently offered on z890 and z990.

The OSA-Express2 GbE features continue to support Checksum Offload (in the z/OS, z/OS.e, and Linux
on zSeries environments  refer to the
Software requirements
section). They have the same connector type, LC Duplex, as the current OSA-Express Gigabit Ethernet
features (#1364, #1365).

The OSA-Express2 GbE features support the QDIO mode only (CHPID type OSD), are exclusive to z890 and
z990, and are supported by z/OS, z/OS.e, z/VM, VSE/ESA, TPF, and Linux on zSeries. Refer to the
Standards
section and to the
Hardware requirements
and
Software requirements
sections for further information. Also refer to the
Special features
section of the
Sales Manual
on the Web.

Checksum offload is supported in the z/OS, z/OS.e, and Linux on zSeries
environments. Refer to the
Software requirements
section for further information.

The 10 Gigabit Ethernet (10 GbE) feature does not support auto-negotiation to any other speed. The
10 GbE supports 64B/66B coding, whereas GbE supports 8B/10B coding. Therefore, auto-negotiation is
not possible.

Note:
The OSA-Express2 10 Gigabits per second (Gbps) link data rate does not represent the actual
throughput of the OSA-Express2 10 GbE LR feature. Actual throughput is dependent upon many factors,
including traffic direction, the pattern of acknowledgement traffic, packet size, the application,
TCP/IP, the network, the disk subsystem, and the number of clients being served.

The OSA-Express2 10 Gigabit Ethernet LR feature supports the QDIO mode only (CHPID type OSD), is
exclusive to z890 and z990, and is supported by z/OS, z/OS.e, z/VM, VSE/ESA, TPF, and Linux on
zSeries. Refer to the
Standards
section for conformance information as well as additional information on the features. Refer to the
Hardware requirements
and
Software requirements
sections for further information. Also refer to the
Special features
section of the
Sales Manual
on the Web.

For IP and non-IP workloads:
Now, the new OSA-Express2 features and the current OSA-Express features
on z890 and z990 can support two transport modes: Layer 2 (Link Layer)
as well as the current Layer 3 (Network or IP Layer). Traffic can be IP
(IPv4, IPv6) or non-IP (AppleTalk, DECnet, IPX, NetBIOS, or SNA). OSA
and the z/VM virtual switch are now protocol independent and Layer-3
independent. Layer 2 support can help facilitate server consolidation.

With support of the new Layer 2 interface, packet forwarding decisions
are now based upon Layer 2 information, instead of Layer 3 information.
z/VM guests no longer need to share a Medium Access Control (MAC) address
with OSA  each operating system attached to the Layer 2 interface has
its own MAC address. Complexity can be reduced, network configuration is
simplified and intuitive, and LAN administrators can configure and
maintain the mainframe environment the same as they do a nonmainframe
environment.

An OSA-Express2 or OSA-Express Ethernet feature can filter inbound
datagrams by Virtual Local Area Network identification (VLAN ID, IEEE
802.1q), the Ethernet destination MAC address, or both. Filtering can
reduce the amount of inbound traffic being processed by the operating
system, helping to reduce CPU utilization. OSA port sharing is supported
only between virtual switches that are using the same transport mode
(Layer 2 with Layer 2 and Layer 3 with Layer 3). A Layer 2 guest cannot
communicate directly with a Layer 3 guest.

Another mechanism for helping to reduce host CPU utilization is the z/VM
virtual switch. The virtual switch can help to eliminate the requirement
for router virtual machines. The virtual switch currently supports IPv4
transport only. With z/VM V5.1, the virtual switch exploits the Layer 2
support within the z/VM Control Program. The z/VM Control Program owns
the connection to the OSA feature and manages the MAC addresses and VLAN
connectivity of the attached guests. The virtual switch performs
automatic MAC address generation and assignment to allow uniqueness
within and across z/VM images, LPARs, and servers. MAC addresses can
also be locally administered. z/VM V5.1 virtual switch support will
exploit the Layer 2 support within the z/VM Control Program.

Layer 2 support, for flexible and efficient data transfer of IP and
non-IP workloads, is applicable to OSA-Express2 Gigabit Ethernet (#3364,
#3365) and 10 Gigabit Ethernet LR (#3368), OSA-Express 1000BASE-T
Ethernet (#1366), and Gigabit Ethernet LX and SX (#1364, #1365, #2364,
#2365) and is supported in QDIO mode only (CHPID type OSD). Layer 2
support is exclusive to z890 and z990, and is supported by z/VM and Linux
on zSeries. Refer to the
Hardware requirements
and
Software requirements
sections for further information.

Announcement of OSA-Express Layer 2 support satisfies the Statement of General Direction in Hardware
Announcement
104-117
, dated April 7, 2004, and Hardware Announcement
104-118
, dated April 7, 2004.

Improved virtualization  now 640 TCP/IP stacks

For OSA-Express2:
If you have a need to host more Linux images, increasing the number of TCP/IP stacks may be of
benefit. The OSA-Express2 features support 640 TCP/IP stacks/connections per dedicated CHPID, or
640 total stacks across multiple LPARs using a shared or spanned CHPID. The OSA-Express features
support 160 TCP/IP stacks.

If multiple priorities for queues is disabled, the maximum number of devices allowed is 1920 (1920
devices / 3 = 640 stacks). If multiple priorities for queues is enabled (one to four QDIO
priorities), the maximum number of devices is 480 (480 devices / 3 = 160 stacks).

Support for 640 TCP/IP stacks is applicable to the OSA-Express2 features (Gigabit Ethernet SX,
Gigabit Ethernet LX, 10 Gigabit Ethernet LR) which support the QDIO mode only (CHPID type OSD), is
exclusive to z890 and z990, and is supported by z/OS, z/OS.e, z/VM, and Linux on zSeries. Refer to
the
Hardware requirements
and
Software requirements
sections for further information.

Large send for TCP/IP traffic  Designed for efficiency

For OSA-Express2:
Large send, also referred to as TCP segmentation offload, can improve performance by offloading TCP
packet processing from the host to the OSA-Express2 features. Offload allows the host to send large
blocks of data (64 kilobytes), instead of 1492 byte packets, to the OSA-Express2 feature. The
OSA-Express2 feature then separates the 64 KB blocks into standard Ethernet packets (1492 bytes) to
be sent out on the LAN. This applies to outbound traffic only, IPv4 or IPv6, and applies only to
unicast datagrams. Large send support can help reduce host processor utilization, returning CPU
cycles for application use while increasing network efficiencies.

Large send support applies to the OSA-Express2 features (Gigabit Ethernet SX, Gigabit Ethernet LX,
10 Gigabit Ethernet LR) which support QDIO mode only (CHPID type OSD), is exclusive to z890 and
z990, and is supported by Linux on zSeries. Refer to the
Hardware requirements
and
Software requirements
sections for further information.

OSA-Express2 concurrent LIC update  An availability enhancement:
The OSA-Express2 features have increased memory to facilitate concurrent application of LIC
updates, allowing the application of LIC updates without requiring a configuration off/on, thereby
minimizing the disruption of networking traffic during the update.

Concurrent LIC update applies to the OSA-Express2 features (Gigabit Ethernet SX, Gigabit Ethernet
LX, 10 Gigabit Ethernet LR), is offered for the QDIO mode only (CHPID type OSD), and is exclusive to
z890 and z990. Refer to the
Hardware requirements
section for further information. There are no operating system dependencies.

OSA-Express TCP/IP stack utilization improvement:
The OSA-Express features support 160 TCP/IP stacks. Previously, in order to use all those
stacks, the CHPID had to be shared by multiple logical partitions (LPARs). There was a restriction
(only allowing a single control unit definition per CHPID) that limited the number of stacks to 84
per LPAR. That restriction is lifted. Now, a single LPAR can contain all 160 stacks offered by
OSA-Express.

The TCP/IP stack utilization improvement applies to OSA-Express Gigabit Ethernet, 1000BASE-T
Ethernet, Fast Ethernet, and Token Ring (#1364, #1365, #1366, #2364, #2365, #2366, #2367), is
supported in QDIO mode only (CHPID type OSD), is exclusive to z890 and z990, and is supported by
z/OS, z/OS.e, and z/VM. Refer to the
Hardware requirements
and
Software requirements
sections for further information.

GDPS enhancements

GDPS/PPRC Multiplatform Resiliency for zSeries:
In April 2004, an announcement was made that GDPS planned to exploit the new z/VM
HyperSwap function to provide a coordinated near continuous availability and disaster recovery
solution for z/OS and Linux guests running under z/VM. Refer to Hardware Announcement
104-118
, dated April 7, 2004. GDPS/PPRC Multiplatform Resiliency for zSeries became available
September 24, 2004.

z/VM 5.1 provides a new HyperSwap function, so that the virtual devices associated with one real
disk are capable of being swapped transparently to another disk. HyperSwap can be used to switch to
secondary disk storage subsystems mirrored by Peer-to-Peer Remote Copy (PPRC). This solution is
especially valuable for customers who share data and storage subsystems between z/OS and Linux on
zSeries  for example, a SAP application server running on Linux on zSeries and a SAP DB server
running on z/OS. HyperSwap can also be helpful in data migration scenarios to allow applications to
migrate to new disk volumes without requiring them to be quiesced.

GDPS/PPRC can now provide the reconfiguration capabilities for the Linux on zSeries servers and data
in the same manner as it does for z/OS systems and data. To support planned and unplanned outages,
GDPS provides the following recovery capabilities:

Re-IPL in place of failing operating system images

Site takeover/failover of a complete production site

Coordinated planned and unplanned HyperSwap of disk subsystems, transparent to the operating system
images and applications using the disks

This innovative near continuous availability and disaster recovery solution requires IBM Tivoli®
System Automation for Multiplatforms V1.2 and later and z/VM V5.1, in addition to the other
GDPS/PPRC prerequisites. z/VM V5.1 is supported on zSeries 800, 900, 890, and 990.

Additional z800 to z890 upgrade paths

Additional upgrade paths from z800 models to z890 Model A04 are now available. z800
Models 0A2, 0X2, and 003 can now be upgraded to z890 Model A04. These additional z800 to
z890 upgrades support the 28 capacity settings as well as the features and functions offered on the
z890 Model A04.

On/Off CoD test

IBM continues to enhance On/Off CoD to be more responsive to your on demand business requirements.

On/Off CoD has been enhanced to allow for a no-charge test. No IBM charges are assessed for the
test, including IBM charges associated with temporary hardware capacity, IBM software, or IBM
maintenance. This test can be used to validate the processes to download, activate, and deactivate
On/Off CoD capacity nondisruptively. Each On/Off CoD-enabled server is entitled to one no-charge
test, per contract. This test may last up to a maximum duration of 24 hours commencing with the
download and activation of an On/Off CoD order. On/Off CoD tests which do exceed 24 hours in
duration will be treated in their entirety as billable On/Off CoD upgrades. In addition to
validating the On/Off CoD function within your environment, you may choose to use this test as a
training session for your personnel who are authorized to activate On/Off CoD.

On/Off CoD no-charge test can be requested and downloaded from the Web at Resource Link. Refer to

Extended staging of CIU-Express orders is available on z800, z900, z890,
and z990. Extended staging of On/Off CoD orders is exclusive to z890 and
z990.

Nondisruptive capacity change of z890 CPs:
Nondisruptive capacity change of z890 Central Processors (CPs) to a
different capacity setting, on subcapacity models, is now being offered
in the z/OS, z/OS.e, and z/VM environments. Linux may also take
advantage of the change when running as a guest under z/VM. z890
currently has the capability of concurrent upgrades, providing additional
capacity with no server outage or IPL when CPs of the same capacity
setting are added.

Previously, for a z890 with a subcapacity setting, a change to a
different CP capacity required up to two IPLs  one to implement the
increased capacity, and for an On/Off Capacity on Demand (On/Off CoD)
upgrade, one to go back to the original capacity. This new capability
eliminates up to two planned outages which improves overall system
availability. There is no hardware dependency. Refer to the
Software requirements
section for further information on z/OS, z/OS.e, z/VM, and Linux as a guest under z/VM.

Section 508 of the U.S. Rehabilitation Act

IBM z890 and z990 are capable on delivery, when used in accordance with IBM's associated
documentation, of satisfying the applicable requirements of Section 508 of the Rehabilitation Act of
1973, 29 U.S.C. Section 794d, as implemented by 36 C.F.R. Part 1194, provided that any Assistive
Technology used with the product properly interoperates with it.

With the introduction of a new generation of features in support of cryptography and networking, IBM
zSeries continues to offer a
balanced system design.

The Common Criteria Evaluation Assurance Level 5 (EAL5) certification for the security of the
Logical Partitions (LPARs) of the zSeries 990 continues to demonstrate zSeries leadership in an on
demand world.

zSeries 890

IBM brings the advanced mainframe technology of the z990 to your IT world with the IBM zSeries 890 (z890), designed and
sized specifically for the mid-sized enterprise. The z890 is a mainframe with advanced on demand
capabilities at a size and cost that fit your business. This new line of high-performance midrange
servers provides many of the capabilities available in larger enterprise-class servers at a lower
entry point, along with extremely granular growth options that allow you to purchase the capacity
that best satisfies your business requirements. The z890 supports z/OS, z/OS.e, z/VM, VSE/ESA, and
Linux on zSeries, delivering to you the flexibility desired to easily manage changing business needs
while maintaining mainframe levels of availability and security.

With the z890, you can start at the capacity setting you need to meet your IT infrastructure
requirements and easily add additional capacity to meet your changing needs as you grow. The single
model provides up to four processors with seven capacity settings each, a total of 28 capacity
settings.

zSeries 990

With a choice of four models, the largest z990 can be configured with up to three times the
processing power, four times the memory, four times the HiperSockets, up to four times the number of
ESCON channels, up to 25% more FICON, and up to twice the number of external coupling links of a
z900 Model 216 server. Each model adds to the system's total resources so you'll have the
ability to scale up with z/OS and reliably handle your most critical business transactions.

OSA-Express Token Ring not to be offered

The zSeries 890 and 990 are expected to be the last zSeries servers to offer a Token Ring feature.
It is intended that the OSA-Express Token Ring feature will not be available for ordering on a new
build or upgraded server, or for carrying forward on an upgrade.

A migration from a Token Ring to an Ethernet environment should be a part of all strategic LAN
planning.

All statements regarding IBM's plans, directions, and intent are subject to change or withdrawal
without notice.

Trademarks

GDPS, FICON, PR/SM, Processor Resource/Systems Manager, PR/SM, VSE/ESA, Resource Link, and HyperSwap
are trademarks of International Business Machines Corporation in the United States or other
countries or both.

The e-business logo, zSeries, z/OS, z/VM, S/390, ESCON, Parallel Sysplex, Tivoli, and eServer are
registered trademarks of International Business Machines Corporation in the United States or other
countries or both.

Linux is a trademark of Linus Torvalds in the United States, other countries or both

Other company, product, and service names may be trademarks or service marks of others.

Integrated Technology Services

IBM services include business consulting, outsourcing, hosting services, applications, and other
technology management.

These services help you learn about, plan, install, manage, or optimize your IT infrastructure for
e-business. They can help you integrate your high-speed networks, storage systems, application
servers, and wireless protocols, and an array of platforms, middleware, and communications software
for IBM and many non-IBM offerings. IBM is your one-stop shop for IT support needs.

For details on available services, contact your IBM representative or visit

Hardware requirements

The hardware requirements for the features and functions contained in this announcement are
identified. Support Element (SE) drivers and Hardware Management Console/Support Element (HMC/SE)
versions are identified.
Machine Change Levels (MCLs) are required.
Descriptions of the MCLs are available now via Resource Link at

MCLs are designed to be applied concurrently. Contact IBM service
personnel for further information.

Note:
TKE 4.2 code and the TKE 4.2 Smart Card Reader do not have SE driver
dependencies. TKE 4.2 is supported on S/390® G6 servers and zSeries
(z800, z900, z890, z990) when one or more of the following are present
(depending upon servers): CMOS Cryptographic Coprocessor Facility (CCF),
PCICC, PCIXCC, Crypto Express2.

IBM devices previously attached to IBM S/390 and zSeries servers are
supported for attachment to z890 and z990 ESCON® and FICON channels,
unless otherwise noted. The subject I/O devices must meet ESCON or FICON
architecture requirements to be supported. I/O devices that meet OEMI
architecture requirements are supported only via an external converter.
Prerequisite Engineering Change Levels may be required. For further
detail, contact IBM service personnel.

While z890 and z990 support devices as described above, IBM does not
commit to provide support or service for an IBM device that has reached
its End of Service effective date as announced by IBM.

Note:
IBM cannot confirm the accuracy of performance, compatibility, or any
other claims related to non-IBM products. Questions regarding the
capabilities of non-IBM products should be addressed to the suppliers of
those products.

Software requirements

Note:
z/OS.e is a specially priced offering of z/OS® for z800 and z890. z/OS.e cannot run on a z900 or
z990.

Software requirements for Crypto Express2:
Crypto Express2
on z890 and z990, and all of the functions introduced with this feature (unless otherwise noted),
requires at a minimum:

z/OS and z/OS.e V1.3, and later, with z990 Cryptographic Support, or z990 and z890 Enhancements to
Cryptographic Support.

z/VM® V5.1 for z/OS and Linux guests (planned to be available January 28, 2005).
Refer to the 2084/2086 PSP buckets for any required service.

VSE/ESA V2.7 and IBM TCP/IP for VSE/ESA V1.5.

Linux on zSeries support for clear key RSA operations is planned to be delivered in
October 2004 (for kernel 2.4) and in early 2005 (for kernel 2.6) as an Open Source contribution
via

CVV generation and verification services for 19-digit PANs
for the Crypto Express2 and PCIXCC features on z890 and z990 requires at
a minimum:

z/OS and z/OS.e V1.6, and later.

ICSF support provided by ICSF 64-bit Virtual Support for z/OS and z/OS.e
V1.6. This Web deliverable is planned to be available
December 17, 2004, and is required for exploitation of this
function.

Enabling use of less than 512-bit keys for clear key RSA operations
for the Crypto Express2 and PCIXCC features on z890 and z990 requires at
a minimum:

z/OS and z/OS.e V1.3, and later, with z990 Cryptographic Support, or z990
and z890 Enhancements to Cryptographic Support.

z/VM V5.1 for z/OS guests (planned to be available
January 28, 2005). Refer to the 2084/2086 PSP buckets for any
required service.

2048-bit key (clear and secure) RSA operations
for the PCICC feature on z800 and z900 and the PCIXCC feature on z890 and
z990 requires at a minimum:

z/OS and z/OS.e V1.3, and later.

z/VM V4.3, and later, for Linux guests (PCICC).

z/VM V5.1, and later, for z/OS guests (PCICC).

z/VM V5.1, and later, for Linux and z/OS guests (PCIXCC). Refer to the
2084/2086 PSP buckets for any required service.

Linux on zSeries support for clear key RSA operations for the PCIXCC
feature is provided in the currently available distributions (plus
maintenance), SUSE SLES 8 and SLES 9, Turbolinux TLES 8, and Conectiva
CLEE. Red Hat RHEL 3 can use the support available at

Software requirements for FICON Express:
FCP LUN Access Control
, when available, applies to the FICON Express features on z890 and z990
when configured as CHPID type FCP.

z/VM V4.4, and later, with PTF for APAR VM63328. To be supported
concurrent with hardware planned availability.

Linux on zSeries. The currently available distributions, SUSE SLES 8 and
SLES 9, and Conectiva CLEE support FCP LUN Access Control except for the
exploitation of read-only sharing of SCSI devices. Linux on zSeries
support for read-only sharing of SCSI devices is planned to be delivered
in early 2005 as an Open Source contribution via

OSA-Express2 10 Gigabit Ethernet LR
on z890 and z990 supports TCP/IP only (CHPID type OSD) and requires at a
minimum:

z/OS and z/OS.e V1.3, and later.

z/OS and z/OS.e V1.5, and later (for Checksum offload).

z/VM V3.1 and V4.3, and later (planned to be available
January 28, 2005). Refer to the 2084/2086 PSP buckets for any
required service.

VSE/ESA V2.6, and later.

TPF V4.1 at PUT 13 with PTF for APAR PJ27333, plus PTF for APAR PJ29930
for a definition/display enhancement in support of 10 GbE. Includes VIPA
support, which allows TCP/IP connections to be balanced in a loosely
coupled environment.

Linux on zSeries (including Checksum offload support) support is planned
to be delivered in early 2005 as an Open Source contribution via

z/VM V3.1 and z/VM V4.3, and later, with PTFs for APARs VM63524 and
PQ91421 (planned to be available January 28, 2005). Refer to
the 2084/2086 PSP buckets for any additional required service.

Linux on zSeries. The currently available distributions, SUSE SLES 8 and
SLES 9, Red Hat RHEL 3, and Conectiva CLEE.

Note:
The OSA-Express2 features support all of the functions previously
announced for the QDIO mode (CHIPD type OSD). Refer to the z890 and z990
Software requirements
section of the
Sales Manual
on the Web and to the October 2004 update to the
z890 and z990 Open Systems Adapter-Express Customer's Guide and Reference
(SA22-7935).

z/OS and z/OS.e V1.3, and later, with optional PTF for APAR OA08556.
OA08556 may improve the performance characteristics of the CF when list
structures are being duplexed, especially when using a mix of CFCC levels
(for example, CFCC level 14 on one CF and a lower CFCC level on another).
If duplexing of list structures is not being used, application of the PTF
associated with this APAR is optional at this time.

z/OS and z/OS.e V1.4, and later, with optional PTF for APAR OA08742.
OA08742 is the generic CFCC level 14 support  it raises the z/OS CFCC
level "understanding" to 14. This allows exploiters to explicitly
request CFCC level 14 for their structures. At the time of this
announcement there are no exploiters that do request level 14, so
application of the PTF associated with this APAR is optional at this
time.

z/VM V3.1 and V4.3, and later, for z/OS guest support within a test
environment.

Software requirements for GDPS enhancement:
GDPS/PPRC Multiplatform Resiliency for zSeries
on z800, z900, z890, and z990 requires at a minimum:

z/VM V5.1

IBM Tivoli® System Automation for Multiplatforms V1.2, and later

For additional GDPS/PPRC prerequisites refer to the following Web site

IGS has the expertise and personnel available to effectively plan and
deploy the appropriate cabling with the future in mind. These services
may include planning, consultation, cable selection, installation, and
documentation, depending upon the services selected.

These services are designed to be right-sized for your products or the
end-to-end enterprise, and to take into consideration the requirements
for all of the protocols and media types supported on zSeries (for
example, ESCON, FICON, Coupling Links, OSA) whether the focus is the data
center, the Storage Area Network (SAN), the Local Area Network (LAN), or
the end-to-end enterprise.

IBM Networking Services
are designed to deliver convenient, packaged services to help reduce the
complexity of planning, ordering, and installing fiber optic cables. The
appropriate fiber cabling is selected based upon the product requirements
and the installed fiber plant.

The services are packaged as follows:

Under the
zSeries fiber cabling services
umbrella there are
three
options to provide individual fiber optic cables (jumper cables,
conversion kits, and MCP cables) for connecting to z800, z890, z900, and
z990, each option incorporating a specific set of services.

Option 1  Fiber optic jumper cabling package. IBM does the detailed
planning. This option includes planning, new cables, installation, and
documentation. An analysis of the zSeries channel configuration, I/O
devices, and any existing fiber optic cabling is required to determine
the appropriate fiber optic cables.

Option 2  Fiber optic jumper cable migration and reuse for a zSeries
upgrade. IBM organizes the existing fiber optic cables based upon the
z890 and z990 connection details. Relabeling, rerouting, and
reconnection to the appropriate z890 and z990 channels is performed. New
cables are not offered as a part of this option.

Option 3  Fiber optic jumper cables and installation. The customer
tells us what they need. They do the detailed planning. The service
includes new cables, installation, and documentation. Planning and
providing the list of required cables are customer responsibilities.

Options 1 and 2 can be combined within one statement of work to provide
comprehensive upgrade coverage.

Under the
enterprise fiber cabling services
umbrella there are
two
options to provide IBM Fiber Transport System (FTS) trunking commodities
(fiber optic trunk cables, fiber harnesses, and panel-mount boxes) for
connecting to the z800, z900, z890, and z990.

Option 2  Enterprise fiber cabling services. IBM organizes the entire
enterprise. This option includes enterprise planning, new cables, fiber
optic trunking commodities, installation, and documentation. This is the
most comprehensive set of services.

Refer to the services section of Resource Link for further details.
Access Resource Link at

Cabling responsibilities:
Fiber optic cables, cable planning, labeling, and placement are all
customer responsibilities for new installations and upgrades. Fiber
optic conversion kits and Mode Conditioning Patch (MCP) cables are not
orderable as features on z890 and z990. Installation Planning
Representatives (IPRs) and System Service Representatives (SSRs) will not
perform the fiber optic cabling tasks without a services contract.

The following tasks are required to be performed by the customer prior to
machine installation:

All fiber optic cable planning.

All purchasing of correct fiber optic cables.

All installation of any required MCP cables.

All installation of any required Conversion Kits.

All routing of fiber optic cables to correct floor cutouts for proper
installation to server.

Use the Physical CHannel IDentifier (PCHID) report or the report from the
CHannel Path IDentifier (CHPID) Mapping Tool to accurately route all
cables.

All labeling of fiber optic cables with PCHID numbers for proper
installation to server.

Use the PCHID report or the report from the CHPID Mapping Tool to
accurately label all cables.

Additional service charges may be incurred during the server installation
if the above cabling tasks are not accomplished as required.

The table lists the connectors and cabling supported for each of the
features available for ordering on the z890 and z990. For convenience,
those features brought forward on an upgrade from z800 and z900 are also
listed.

Security, auditability, and control

This product uses the security and auditability features of, for example, host hardware, host
software, and application software.

The customer is responsible for evaluation, selection, and implementation of security features,
administrative procedures, and appropriate controls in application systems and communications
facilities.

IBM Global Services has transformed its delivery of hardware and software support services to put
you on the road to higher systems availability. IBM Electronic Services is a Web-enabled solution
that provides you with an exclusive, no-additional-charge enhancement to the service and support on
the IBM . You should benefit
from greater system availability due to faster problem resolution and preemptive monitoring. IBM
Electronic Services is comprised of two separate but complementary elements: IBM Electronic Services
news page and IBM Electronic Service Agent.

IBM Electronic Services news page provides you with a single Internet entry point that replaces the
multiple entry points traditionally used by customers to access IBM Internet services and support.
The news page enables you to gain easier access to IBM resources for assistance in resolving
technical problems.

The IBM Electronic Service Agent is no-additional-charge software that resides on your IBM system that is designed to
proactively monitor events and transmit system inventory information to IBM on a periodic
customer-defined timetable. The IBM Electronic Service Agent tracks system inventory, hardware
error logs, and performance information. If the server is under a current IBM maintenance service
agreement or within the IBM warranty period, the Service Agent automatically reports hardware
problems to IBM. Early knowledge about potential problems enables IBM to provide proactive service
that maintains higher system availability and performance. In addition, information collected
through the Service Agent will be made available to IBM service support representatives when they
are helping answer your questions or diagnosing problems.

This product is available for purchase under the terms of the IBM
Customer Agreement.

Each IBM machine is manufactured from parts that may be new or used. In
some cases, a machine may not be new and may have been previously
installed. Regardless, IBM's appropriate warranty terms apply.

Field-installable feature:
Yes

Warranty period:
One year

Customer setup:
No

Licensed Internal Code:
IBM Licensed Internal Code (LIC) is licensed for use by a customer
on a specific machine, designated by serial number, under the terms and
conditions of the IBM Agreement for Licensed Internal Code, to enable a
specific machine to function in accordance with its specifications, and
only for the capacity authorized by IBM and for which the customer has
acquired. You can obtain the agreement at the following Web site or by
contacting your IBM representative.

The Americas Call Centers, our national direct marketing organization, can add your name to the
mailing list for catalogs of IBM products.

Note:
Shipments will begin after the planned availability date.

Trademarks

Resource Link, PR/SM, PR/SM, FICON, VSE/ESA, developerWorks, GDPS, and Electronic Service Agent are
trademarks of International Business Machines Corporation in the United States or other countries or
both.

The e-business logo, zSeries, S/390, ESCON, z/OS, z/VM, Tivoli, and eServer are registered
trademarks of International Business Machines Corporation in the United States or other countries or
both.

Linux is a trademark of Linus Torvalds in the United States, other countries or both

Other company, product, and service names may be trademarks or service marks of others.